After getting wildly sidetracked over the last week or so, I decided tonight to have a look at Zombi. If disk protection fails it eventually calls code at $440, which clears memory, sets A0 to a silly address and jumps into it, thus crashing the machine. The crash code at $440 doesn't actually appear in that memory location until RIGHT AT THE VERY LAST MOMENT, so I decided first to find the code that puts this 'crash code' into that memory location and work backwards from there.

I found that this game can be cracked a couple of ways: you can either NOP out the 'bgt $21182' at $21160, which is part of the disk check code itself (the game branches to $21182 if the disk check fails, thus putting the crash code into memory at $440 and executing that), which keeps in the drive grind, but loads the game regardless.

OR, if you could do without the annoying drive grind, you can NOP out the 'jsr $1810e' at $17f12, which is the call to the disk check itself. NOPping this out bypasses the disk check and causes the game to load as per normal without the disk check grinding business.

@mai: I'm quite sure Sektor 83 meant it was crappy that the software was mastered and sold in the shops complete with the bootblock virus; not that SPS had nevertheless archived it that way.

Yeah, this is exactly what I meant! I just couldn't believe that a games publisher would have allowed their software to go to retail without checking these kinds of things first. Having said that, if it was sold in the store this way, then it should definitely be preserved that way. It stands as a fine historical example of a games publisher fucking up in a really stupid way, if anything!

SPS preserves games how they were released (including all faults, bugs and viruses). That should at least answer the question for IPF images.

You can always use such an image for a start and then remove the virus, generate a new image, etc. - hence the decision to do it like this. We also don't apply patches that might have surfaced, to keep the original state. You could always apply such a patch later, but you could not go back to how it was.

Right then, so after (somehow) managing to get myself through that lot, I fancy getting my teeth stuck into some more... so, taking into account my progress on things so far, what do folks suggest I move onto next? Keep going at the same difficulty level or attempt something a little bit more of a step up from this? If anyone has any suggestions, I'll at the very least give it a try! Again, just for my own personal fun/practice/education purposes.

As an aside though, I can see why the cracking experts ended up getting into this stuff to begin with. In a weird way, I'm finding doing stuff like this is just as much of a 'game' as the videogames themselves, and the feeling that you get once you actually manage to do it is pretty much the same feeling as you get when 'getting to the next level', or 'defeating the final boss'.

Stunt Car Racer.

Uses a series 1 Copylock, works differently from the ones you are used to, but it's a step up from the basic Copylocks you've been doing.

Hehehehehe... well, it's definitely different! I ran into a TVD pretty much straight away. In fact, jumping into the program at different points of loading, I'm finding myself in TVDs at different points of memory... interesting! Best get that pot of coffee on the go and try to work this one out!

Been having a further look at Stunt Car Racer tonight, and I fear I may have found my limits here. Through hours of relentless breakpointing, scrutiny and managing to (ab)use the TVD (I took over one of the instructions and managed to get it to dump the encrypted code elsewhere, which is a new thing for me), I've got the impression the Copylock here seems to not be used to do a simple disk-check and then continue as normal, but I *think* it's actually checking the disk and THEN being used to decrypt the instructions for the game in memory! I may be going about this entirely the wrong way, but I've kinda reached the conclusion that, with this being single-load and everything, the decrypted game code (including gfx and sound) can be grabbed once the game is fully loaded.

I've figured out where it jumps into the game code once you get past the 'intro screen' (with the credits), but the problem I'm having is that I'm finding it difficult to get the game going without the original disk. I saved out the memory, reset, loaded it back in, set up all the registers as they were at THAT exact point in the code (including SR), and made sure the trace vector has the exact same value as it had at that exact point in the code too, but I'm not having ANY success.

It may just be a case of 'rookie mistakes' and I'm going about this completely the wrong way/need to go about it differently, or maybe my mind isn't completely 'on it', but it's definitely fair to say that this one is confusing the hell out of me! I've been at this one for hours, and trying out every idea that comes to mind.

No doubt I'm probably overlooking something stupidly obvious here... or maybe I just need to take a break!